Description
setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2013-5764 Vulnerability (CVE-2013-5764)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-12167)
MySQL CVE-2017-3450 Vulnerability (CVE-2017-3450)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3745)
Plone CMS Weak Password Requirements Vulnerability (CVE-2020-7940)